Add middleware/dnssec (#133)

This adds an online dnssec middleware. The middleware will sign responses on the fly. Negative responses are signed with NSEC black lies.
2025-11-01 10:43:17 -04:00 · 2016-04-26 17:57:11 +01:00
parent 8e6c690484
commit 1aa1a92198
39 changed files with 1206 additions and 144 deletions
--- a/middleware/file/closest.go
+++ b/middleware/file/closest.go
@@ -52,6 +52,10 @@ func (z *Zone) nameErrorProof(qname string, qtype uint16) []dns.RR {
 		}
 	}

+	if len(nsec) == 0 || len(nsec1) == 0 {
+		return nsec
+	}
+
 	// Check for duplicate NSEC.
 	if nsec[nsecIndex].Header().Name == nsec1[nsec1Index].Header().Name &&
 		nsec[nsecIndex].(*dns.NSEC).NextDomain == nsec1[nsec1Index].(*dns.NSEC).NextDomain {